4560 matches found
Security Bulletin: Cross-Site Scripting vulnerability affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2021-29834
Summary Process Center Console in IBM Business Process Manager and IBM Business Automation Workflow is vulnerable to a Cross-Site Scripting attack. Vulnerability Details CVEID:CVE-2021-29834 DESCRIPTION: IBM Business Automation Workflow and IBM Business Process Manager is vulnerable to stored...
Citrix DaaS - Google Cloud Project (GCP) - Unable to create Machine Catalog Error
Step 1: image-export-ext: 2025-04-23T07:04:13Z Error running workflow: step ""export-disk"" run error: step ""wait-for-inst-export-disk"" run error: WaitForInstancesSignal FailureMatch found for ""inst-export-disk-image-export-ext-export-disk-9sv20"": ""ExportFailed: Failed to copy disk size...
Metadata-Private Messaging without Coordination
For those seeking end-to-end private communication free from pervasive metadata tracking and censorship, the Tor network has been the de-facto choice in practice, despite its susceptibility to traffic analysis attacks. Recently, numerous metadata-private messaging proposals have emerged with the...
CVE-2025-46616
Quantum StorNext Web GUI API before 7.2.4 allows potential Arbitrary Remote Code Execution RCE via upload of a file. This affects StorNext RYO before 7.2.4, StorNext Xcellis Workflow Director before 7.2.4, and ActiveScale Cold Storage...
CVE-2025-46616
Quantum StorNext Web GUI API before 7.2.4 allows potential Arbitrary Remote Code Execution RCE via upload of a file. This affects StorNext RYO before 7.2.4, StorNext Xcellis Workflow Director before 7.2.4, and ActiveScale Cold Storage...
CVE-2025-32958 Adept exposed the GITHUB_TOKEN in workflow run artifact
Adept is a language for general purpose programming. Prior to commit a1a41b7, the remoteBuild.yml workflow file uses actions/upload-artifact@v4 to upload the mac-standalone artifact. This artifact is a zip of the current directory, which includes the automatically generated .git/config file...
CVE-2025-32958
Adept (prior to commit a1a41b7) exposed the GITHUB_TOKEN via the mac-standalone artifact created by remoteBuild.yml using actions/upload-artifact@v4. The artifact was a zip of the current directory that included the generated .git/config containing the run’s token, enabling an attacker to extract...
Adept 信息泄露漏洞
Adept is a programming language open-sourced by AdeptLanguage. An information disclosure vulnerability exists in versions prior to Adept a1a41b7, which stems from the remoteBuild.yml workflow file potentially disclosing GITHUBTOKEN, which could lead to the push of malicious code...
CVE-2025-32953
z80pack is a mature emulator of multiple platforms with 8080 and Z80 CPU. In version 1.38 and prior, the makefile-ubuntu.yml workflow file uses actions/upload-artifact@v4 to upload the z80pack-ubuntu artifact. This artifact is a zip of the current directory, which includes the automatically...
z80pack 信息泄露漏洞
z80pack is a Zilog Z80 with Intel 8080 system emulation by the individual developer Udo Munk. An information disclosure vulnerability exists in z80pack version 1.38 and earlier, which stems from the makefile-ubuntu.yml workflow file potentially disclosing GITHUBTOKEN...
GHSA-X8PM-WRG2-MQMX OpenMetadata SQL Injection
OpenMetadata =1.4.1 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the WorkflowDAO interface. The workflowtype and status parameters can be used to build a SQL query...
OpenMetadata 安全漏洞
OpenMetadata is OpenMetadata open source a unified discovery, observable and governance platform powered by a central metadata repository, deep along and seamless team collaboration. A security vulnerability exists in OpenMetadata 1.4.1 and earlier versions that stems from a SQL injection...
CVE-2025-32445
Argo Events is an event-driven workflow automation framework for Kubernetes. A user with permission to create/modify EventSource and Sensor custom resources can gain privileged access to the host system and cluster, even without having direct administrative privileges. The EventSource and Sensor...
CVE-2025-32445
CVE-2025-32445 is tied to Argo Events. A user with permission to create/modify EventSource and Sensor CRs can cause the orchestrated pod to run with elevated/privileged capabilities by manipulating fields in spec.template and spec.template.container (including command, args, securityContext, volu...
CVE-2025-32445 Users can gain privileged access to the host system and cluster with EventSource and Sensor CR
Argo Events is an event-driven workflow automation framework for Kubernetes. A user with permission to create/modify EventSource and Sensor custom resources can gain privileged access to the host system and cluster, even without having direct administrative privileges. The EventSource and Sensor...
SUSE-SU-2025:20184-1 Security update for elemental-operator
This update for elemental-operator fixes the following issues: - Updated to version 1.6.8: Deactivated e2e workflow Updated header year CVE-2025-22870: golang.org/x/net/proxy: Fixed proxy bypass using IPv6 zone IDs bsc1238700 CVE-2025-22869: golang.org/x/crypto/ssh: Fixed Denial of Service in the...
Security update for elemental-operator
This update for elemental-operator fixes the following issues: Updated to version 1.6.8: Deactivated e2e workflow Updated header year CVE-2025-22870: golang.org/x/net/proxy: Fixed proxy bypass using IPv6 zone IDs bsc1238700 CVE-2025-22869: golang.org/x/crypto/ssh: Fixed Denial of Service in the K...
DRUPAL-CONTRIB-2025-030
This module enables you to translate nodes, configuration, UI strings automatically. The module doesn't sufficiently validate the incoming API response when using eTranslation integration, which has an asynchronous workflow. Specially crafted requests could overwrite entities and translations of...
WEB-T - Moderately critical - Access bypass, Denial of service - SA-CONTRIB-2025-030
This module enables you to translate nodes, configuration, UI strings automatically. The module doesn't sufficiently validate the incoming API response when using eTranslation integration, which has an asynchronous workflow. Specially crafted requests could overwrite entities and translations of...
CVE-2025-32111
The Docker image from acme.sh before 40b6db6 is based on a .github/workflows/dockerhub.yml file that lacks "persist-credentials: false" for actions/checkout...